HPE Community
Operating System - Linux
1829161 Members
10241 Online
109986 Solutions
New Discussion

IPv6 single-stack? (Points!)

 
Christian Deutsch_1
Esteemed Contributor

‎12-17-2010 06:39 AM

‎12-17-2010 06:39 AM

IPv6 single-stack? (Points!)

Hi there,

I am doing some testing with IPv6.

I am wondering, if I got this right, Linux 2.6 kernel systems are usually dual-stack (IPv4+IPv6) out of the box after installation.

Is it easy to set up a Linux 2.6 kernel machine as IPv6 only with really only the IPv6 networking stack on that system?

All truly helpful responses will be generously rewarded with points!

Thanks, Christian
Yeshua loves you!
0 Kudos
5 REPLIES 5
Matti_Kurkela
Honored Contributor

‎12-17-2010 07:35 AM

‎12-17-2010 07:35 AM

Re: IPv6 single-stack? (Points!)

Even the latest Linux kernel (2.6.36.2 at this time) does not yet support compiling the IPv4 support as a module.

The kernel compilation option that controls IPv4 support is CONFIG_INET, and disabling that will also disable IPv6 support.

So it seems it isn't possible to _remove_ the IPv4 stack from Linux yet. Although I believe that may eventually become possible, when/if IPv6-only networks become common enough.

However, you can *completely block* the IPv4 functionality very simply using iptables:

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -F
iptables -X

This will set all the built-in IPv4 chains (INPUT, FORWARD and OUTPUT) to DROP all packets unless other rules say otherwise, then clears all the other rules and removes any custom rule-chains.

After this, even if you still have IPv4 addresses configured on a NIC, the system will not process any incoming IPv4 packets.

To be doubly sure, you can then remove all IPv4 address assignments from the NICs, making them IPv6-only.

The IPv6 firewall rules are controlled with the command "ip6tables", so they aren't affected by this.

MK
MK
0 Kudos
Christian Deutsch_1
Esteemed Contributor

‎12-20-2010 07:25 AM

‎12-20-2010 07:25 AM

Re: IPv6 single-stack? (Points!)

Thanks MK,

That's very helpful indeed!

What about if I want to restore IPv4 communication?

To get the complete picture would be nice :)

Thanks, Christian
Yeshua loves you!
0 Kudos
Matti_Kurkela
Honored Contributor

‎12-21-2010 06:44 AM

‎12-21-2010 06:44 AM

Re: IPv6 single-stack? (Points!)

Those iptables settings are not persistent unless you write a script that does them at each boot, or use a distribution-specific method to save the iptables settings.

In RHEL 4 and newer, the command to make the current iptables settings persistent is:

service iptables save

(NOTE: this will overwrite the previous rule set. If you want to save it, backup "/etc/sysconfig/iptables" before running this command.)

To re-enable IPv4 traffic without rebooting, just reload your previous iptables rules. Or if you didn't use iptables before, these commands can be used to restore the kernel default "allow everything" policy:

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

(The "-F" and "-X" options are not needed this time: they would delete any exceptions to the default rules.)

MK
MK
0 Kudos
Christian Deutsch_1
Esteemed Contributor

‎12-23-2010 06:33 AM

‎12-23-2010 06:33 AM

Re: IPv6 single-stack? (Points!)

Thanks MK,

That's wonderful!

Very helpful!

Happy Christmas!

Christian
Yeshua loves you!
0 Kudos
Christian Deutsch_1
Esteemed Contributor

‎12-23-2010 06:33 AM

‎12-23-2010 06:33 AM

Re: IPv6 single-stack? (Points!)

:)
Yeshua loves you!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.